sql - Multiple Delete MSSQL delete queries in Java Program


I am writing a program for changing roles. The change role process involves deleting from 2 tables (to clear the current role/group) and inserting into 2 tables (to set the role/group).

I have allowmultiplequeries = true in my connection string, but it looks like only the first query is running.

The database is an MSSQL DB.

Is there a way to run both queries? Can I delete from both tables?

The code I have is below:

    JButton changerolebtn = new JButton("change role");
    changerolebtn.setBounds(50, 375, 150, 30);
    changerolebtn.setToolTipText("changes role of user");
    changerolebtn.addActionListener(new ActionListener()
    {
        public void actionPerformed(ActionEvent e)
        {
            if (requesterrole.isSelected())
            {
                // each DELETE is built by concatenating userid into the SQL text
                StringBuffer getrolesquery3 = new StringBuffer("delete hib.personrole where personid = '");
                getrolesquery3.append(userid).append("'");
                StringBuffer getrolesquery4 = new StringBuffer("delete hib.persongroup where personid = '");
                getrolesquery4.append(userid).append("'");
                try
                {
                    ResultSet rs = stmt.executeQuery(getrolesquery3.toString());
                    ResultSet rs1 = stmt.executeQuery(getrolesquery4.toString());

                    boolean empty = true;
                    if(empty)
                    {
                        userrolelbl.setText("the user requester");
                        System.out.println(rs);
                        System.out.println(rs1);
                    }
                }
                catch(Exception e2)
                {
                    System.out.println(e2);
                }
            }
        }
    });

I have changed it to use a prepared statement, but I get the following error when I run it: java.sql.SQLException: Invalid parameter index 2.

    changerolebtn.addActionListener(new ActionListener()
    {
        public void actionPerformed(ActionEvent e)
        {
            if (requesterrole.isSelected())
            {
                try
                {
                    PreparedStatement ps1, ps2;
                    ps1 = con.prepareStatement("delete hib.personrole where personid = ?");
                    ps2 = con.prepareStatement("delete hib.persongroup where personid = ?");

                    ps1.setInt(1, userid);
                    ps2.setInt(2, userid);

                    ps1.executeQuery();
                    ps2.executeQuery();

                    con.commit();

                    userrolelbl.setText("the user requester");
                }
                catch(Exception e3)
                {
                    e3.printStackTrace();
                }
            }
        }
    });

You have to execute each delete instruction independently; there's no restriction on it.

As said in a comment, your code is vulnerable to SQL injection, so I suggest you use prepared statements:

    // ...
    PreparedStatement ps1, ps2;
    ps1 = con.prepareStatement("delete hib.personrole where personid = ?");
    ps2 = con.prepareStatement("delete hib.persongroup where personid = ?");

    // each statement has a single placeholder, so both use index 1
    ps1.setString(1, userid);
    ps2.setString(1, userid);

    ps1.execute();
    ps2.execute();
    // ...

Further reference:

Hope this helps.
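
The two deletes from the answer above, written as an added example that is not part of the original question or answer: both statements run with bound parameters inside one transaction, so a failure in the second delete does not leave the user with a half-cleared role. The class name `RoleCleaner`, the method `clearRoles` and the command-line arguments are assumptions for illustration; the table and column names are the ones shown in the post.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class RoleCleaner {
    // Table names are fixed in code; only the user id travels as a bound parameter.
    private static final String[] DELETES = {
        "DELETE FROM hib.personrole WHERE personid = ?",
        "DELETE FROM hib.persongroup WHERE personid = ?"
    };

    /** Deletes the user's rows from both tables atomically; returns rows removed per table. */
    static int[] clearRoles(Connection con, String userId) throws SQLException {
        boolean previousAutoCommit = con.getAutoCommit();
        con.setAutoCommit(false);                    // both deletes succeed or neither does
        int[] removed = new int[DELETES.length];
        try {
            for (int i = 0; i < DELETES.length; i++) {
                try (PreparedStatement ps = con.prepareStatement(DELETES[i])) {
                    ps.setString(1, userId);         // one placeholder per statement: index 1
                    removed[i] = ps.executeUpdate(); // DML returns a row count, not a ResultSet
                }
            }
            con.commit();
            return removed;
        } catch (SQLException ex) {
            con.rollback();                          // undo the first delete if the second fails
            throw ex;
        } finally {
            con.setAutoCommit(previousAutoCommit);
        }
    }

    public static void main(String[] args) throws SQLException {
        // args[0]: JDBC URL for your driver, args[1]: user id (both supplied by the caller)
        try (Connection con = DriverManager.getConnection(args[0])) {
            // Whatever args[1] contains is only compared to personid; it is never parsed as SQL.
            int[] removed = clearRoles(con, args[1]);
            System.out.printf("personrole: %d, persongroup: %d%n", removed[0], removed[1]);
        }
    }
}
```

The returned row counts give the caller a cheap sanity check: a change-role action that removes zero rows from both tables was probably given a user id that does not exist.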

